Permissions Broker
v1.0.9
Interact with the Permissions Broker service to fetch data from Google APIs behind a Telegram approval gate. Use when an agent needs to read Google Drive/Doc...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidence
Purpose & Capability
The SKILL.md describes a broker/proxy that creates upstream requests and obtains user approval via Telegram—everything the skill asks the agent to do (create proxy request, poll for approval, call execute) matches that purpose. It does not request unrelated credentials or system access.
Instruction Scope
Instructions are explicit about building POST /v1/proxy/request bodies, polling for approval, and calling execute. They warn not to paste API keys into logs. A potentially ambiguous instruction is 'parse/persist what you need on the first successful execution' — that could be interpreted to persist sensitive upstream data without explicit re-consent. Also the SKILL.md tells the agent to ask the user to paste the PB_API_KEY from Telegram and optionally store it; this is within scope but requires explicit user consent in practice.
Install Mechanism
Instruction-only skill with no install steps, no code files, and no binaries requested. This is low-risk from an install/execution perspective.
Credentials
No required env vars are declared, but the skill instructs storing a broker API key (PB_API_KEY) in the agent's secrets store if the user consents. That is proportional to the purpose. There are no requests for unrelated secrets or host-level config.
Persistence & Privilege
always:false (normal). The skill permits storing a PB_API_KEY for reuse if the user agrees; combined with autonomous invocation this would allow the agent to create broker requests without re-prompting the user (approval still happens in Telegram). This behavior is expected for this kind of broker but is a privacy/abuse consideration the user should understand.
Assessment
This skill appears to do what it says: it helps the agent create brokered upstream API requests that the user approves in Telegram. Before installing or storing any broker key:
1) Verify you trust the broker service hostname (the docs refer to https://permissions-broker.steer.fun) and the Telegram bot that issues keys.
2) Prefer session-only keys if you do not want persistent agent access; only store PB_API_KEY in the agent's secret store after explicit consent.
3) Be aware the agent is told to 'parse/persist what you need' on first fetch; decide and communicate whether fetched data may be retained.
4) If you don't trust the broker, do not provide its API key and instead supply local credentials directly or decline the skill.
If you want a stronger assessment, provide the broker's real homepage, code, or the Telegram bot identity so I can check the service origin and ownership.
